package com.coin900.coin.base.security;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AnonymousFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.util.HashMap;
import java.util.Map;

/**
 * Created by laborc on 16/9/26.
 */
public class AnonFilter extends AnonymousFilter {

    protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) {
        Subject subject = SecurityUtils.getSubject();
        //如果 isAuthenticated 为 false 证明不是登录过的，同时 isRememberd 为true 证明是没登陆直接通过记住我功能进来的
        if(subject.isRemembered()){
            //获取session看看是不是空的
            Session session = subject.getSession(true);
            //随便拿session的一个属性来看session当前是否是空的，我用userId，你们的项目可以自行发挥
            if(session.getAttribute("user") == null){
                //如果是空的才初始化，否则每次都要初始化，项目得慢死
                //这边根据前面的前提假设，拿到的是username
                String username = subject.getPrincipal().toString();
                Map<String,Object> params = new HashMap<>();
//                params.put("username", username);
//                List<ElUserVO> elUserVOList = this.userService.loadElUser(params);
//                if(elUserVOList.isEmpty()){
//                    return true;
//                }
//                ElUserVO elUserVO = elUserVOList.get(0);
//                this.sessionService.doLoginAndInit(elUserVO.getUsername(),elUserVO.getPassword(),elUserVO.getPassword(), (HttpServletRequest) request);
            }
        }
        return true;
    }
//    @Autowired
//    private ISessionService sessionService;
//    @Autowired
//    private IElUserService userService;
}
